CVE-2023-54270

In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by dosubmiturb There are UAF bugs caused by dosubmiturb. One of the KASan reports is shown below: 36.403605 BUG: KASAN: use-after-free in workerthread+0x4a2/0x890 36.406105 Read o...

CVE-2023-54257

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix a memory corruption in extended buffer descriptor mode For quite some time we were chasing a bug which looked like a sudden permanent failure of networking and mmc on some of our devices. The bug was very sensitive...

CVE-2023-54245 ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds When we run syzkaller we get below Out of Bound. "KASAN: slab-out-of-bounds Read in regcacheflatread" Below is the backtrace of the issue: dumpbacktrace+0x0/0x4c8...

CVE-2023-54245

CVE-2023-54245 concerns a Linux kernel vulnerability in ASoC: codecs: tx-macro where a KASAN slab-out-of-bounds read occurred (regcache_flat_read path). The issue manifested under syzkaller as a read from regcache_flat_read traced through regmap_READ/UPDATE_BITS and snd_soc_component_write_field,...

CVE-2022-50873 vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove

In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:...

CVE-2022-50866 ASoC: pxa: fix null-pointer dereference in filter()

In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter kasprintf would return NULL pointer when kmalloc fail to allocate. Need to check the return pointer before calling strcmp...

CVE-2022-50866

In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter kasprintf would return NULL pointer when kmalloc fail to allocate. Need to check the return pointer before calling strcmp...

CVE-2022-50785

In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free Use getdevice and putdevice in the open and close functions to make sure the device doesn't get freed while a file descriptor is open. Also, lock around the freeing of the device buffer and check...

CVE-2023-54233 ASoC: SOF: avoid a NULL dereference with unsupported widgets

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

CVE-2023-54233

The CVE-2023-54233 issue affects the Linux kernel ASoC/SOF path, where IPC4 topologies containing an unsupported widget could leave the .module_info field unset, leading to a NULL dereference in sof_ipc4_route_setup() and a kernel Oops. A fix adds a guard to handle such cases. Connected sources c...

CVE-2023-54233 ASoC: SOF: avoid a NULL dereference with unsupported widgets

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

CVE-2023-54233

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

CVE-2023-54198

In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in ttydriverlookuptty When specifying an invalid console= device like console=tty3270, ttydriverlookuptty returns the tty struct without checking whether index is a valid number. To reproduce:...

CVE-2023-54175

In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: xiicxfer: Fix runtime PM leak on error path The xiicxfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currently one error path wher...

CVE-2023-54171

Technical details for CVE-2023-54171 are not publicly provided in the supplied documents; no affected products, root cause, or fixes are disclosed here. Monitor for updates.

CVE-2023-54171 tracing: Fix memory leak of iter->temp when reading trace_pipe

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak of iter-temp when reading tracepipe kmemleak reports: unreferenced object 0xffff88814d14e200 size 256: comm "cat", pid 336, jiffies 4294871818 age 779.490s hex dump first 32 bytes: 04 00 01 03 00 00 00 00...

CVE-2022-50784

The CVE-2022-50784 issue affects the Linux kernel in the wifi/iwlwifi/mei path, where a NULL-pointer dereference can occur after attempting to clone an SKB. If SKB cloning fails, the code may proceed to use the invalid SKB instead of aborting, risking a system crash or instability. The vulnerabil...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992333)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992333 advisory. In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh-bfrozendata == NULL' failure when journal aborted Following process will...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992570)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992570 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connecte...

Linux Distros Unpatched Vulnerability : CVE-2023-54237

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/smc: fix potential panic dues to unprotected smcllcsrvaddlink There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU...